(Synchronous) Returnstrue or false for whether a signature matches a
secret or key.

signature is a JWS Signature. header.alg must be a value found in jws.ALGORITHMS.
See above for a table of supported algorithms. secretOrKey is a string or
buffer containing either the secret for HMAC algorithms, or the PEM
encoded public key for RSA and ECDSA.

Other than header, all options expect a string or a buffer when the
value is known ahead of time, or a stream for convenience.
key/privateKey/secret may also be an object when using an encrypted
private key, see the crypto documentation.